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the deleted user-token. Processing then continues to 
decision block 600 where the security steps of 600-606 
are again initiated. 

Steps 600-606 ensure that the speed and efficiency 
advantages of the access check system of the present 
invention do not result in security holes. The increased 
speed of the present invention is thereby implemented 
only when, from a security standpoint, it is safe to do 
so . 

Summary 

The access check system of the present invention 
includes a method and apparatus for efficiently 
accomplishing access checks for requested resources 
rather than performing a full, file-open, access check 
each time a user requests a resource. Although specific 
embodiments are disclosed herein, it is expected that 
persons skilled in the art can and will design 
alternative header generation systems that are within the 
scope of the following claims either literally or under 
the Doctrine of Equivalents. 
We claim : 



1. A computer-readable med 
executable instructions for pro 
computer network by performing 

receiving a request from a 
on the computer networks- 
checking a first memory to 
access the resource; 

providing the user with ac 
the first memory indicates that 
resource; 



.urn having computer- 
/iding access to a 
steps comprising: 

user to access a resource 

determine if the user may 

:ess to the resource if 
the user may access the 
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checking a second memory 
may access the resource if t\ 



indicate that the user may access the resource; 



to determine if the user 
e first memory does not 



providing the user with 
the second memory indicates 
resource; and 

storing information in 
that the user may access the 



access to the resource if 
:hat the user may access the 

the first memory indicating 
resource if, after checking 



the second memory, the second memory indicates that the 
user may access the resource. 

2/^Jie computer-readable medium of claim 1 wherein 
the first memo>y^indicates that/tha user may access the 
resource by indicatiri^ttiat acces^l ta the resource has 
been previously provided to uhe^user. 

3. The computer-readable medium of claim 1 wherein 
the user is represented in the first memory by a token. 



4. The computer-readable medium of claim 3 wherein 
the token also represents a plurality of other users. 



5. The computer-readable medium of claim 3 wherein 
the token represents anonymous users. 




7. The computer-readable medium of claim 1 wherein 
the resource is a file. 
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8 . The computer-readable medium of claim 1 wherein 
the resource is a volume of files. 



9. The computer-readable medium of claim 1 wherein 
the resource is a memory device. 

10. The computer-readab Le medium of claim 1 wherein 
storing the information in the first memory comprises 
overwriting other information associated with the 
resource in the first memor|. 

11. The computer-readable medium of claim 10 wherein 
storing the information in the first memory comprises 
writing a token for the user in the first memory over 
another token for another user that had last previous 
access to the resource. 



12. The computer-readable medium of claim 1 further 
comprising, if the resource is altered, removing 
indications from the first memory allowing access to the 
resource . 



13. The computer-readable medium of claim 1 further 
comprising, if rights of the user are altered, removing 
indications from the first memory allowing access by the 
user . 



14. The computer-readable medium of claim 1 wherein 
the request from the user indicates an operation to 
perform with respect to the resource, and further 
comprising: 
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checking the first memory to determine if the user 
may perform the operation with respect to the resource; 

providing the user with access to the resource to 
perform the operation if the first memory indicates that 
the user may perform the operation with respect to the 
resource; 

checking a second memory to determine if the user 
may perform the operation with respect to the resource if 
the first memory does not indicate that the user may 
perform the operation with respect to the resource; 

providing the user with access to the resource if 
the second memory indicates that the user may perform the 
operation with respect to the resource; and 

storing information in the first memory indicating 
that the user may perform the operation with respect to 
the resource if, after checking the second memory, the 
second memory indicates that the user may perform the 
operation with respect to the resource. 



lj^. A method for providi 
network, the method comprising 

receiving a reguest from 
on the computer network; 

checking a first memory 
access the resource; 

providing the user with 
the first memory indicates th 
resource; 

checking a second memory 
may access the resource if the first memory does not 
indicate that the user may access the resource; 



g access to a computer 

a user to access a resource 

o determine if the user may 

access to the resource if 
at the user may access the 

to determine if the user 
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providing the user with c 
the second memory indicates th 
resource; and 

storing information in t(i 
that the user may access the 
the second memory, the second 
user may access the resource 



ccess to the resource if 
at the user may access the 

e first memory indicating 
esource if, after checking 
memory indicates that the 



16 . Tkfimethod of claim 15^herein the first memory 
indicates that tTte^user may ac/cesfe the resource by 
indicating that access to^h^Vesource has been 
previously provided to the user?\^^ 

17. The method of claim 15 wherein the user is 
represented in the first memory by a token. 

18. The method of claim 17 wherein the token also 
represents a plurality of other users. 

19. The method of claim 17 wherein the token 
represents anonymous users. 



20. The method of claim 17 further comprising: 

authorizing the user by checking a password provided 
by the user; 

associating the token with the user after 
authorizing the user; and 

using the token to check the first memory. 
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21. The method of ofaim 15 wherein the resource is a 



file 




of claim 15 wherein the resource is a 



22. The m 
volume of fizes. 



23/ The method of claim 15 wherein the resource is a 
memow device. 



24. The method of .claim 3 5 wherein storing the 
information in the first memoiy comprises overwriting 
other information associated \jith the resource in the 
first memory. 

' \ 25. The method of claim 24 wh^ein storing the 

information in the first memory^comprises writing a token 
for the user in the first memory over another token for 
another user that had l^st previous access to the 
resource . 



26. The method of claim 15 further comprising, if 
the resourc^ is altered, removing indications from the 
first memory allowing access to the resource. 



27. The method of claim 15 further comprising, if 
rights of the user are altered, removing indications from 
the first memory allowing access by the user. 



(-\^ A 28. The method/of claim 15 wherein the request from 
^ the' user indicates an operation to perform with respect 



to the resource, and further comprising: 
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checking the first memory to determine Lf the user 
may perform the operation with respect to tfie resource; 

providing the user with access to tme resource to 
perform the operation if the first mejyfory indicates that 
the user may perform the operation ywith respect to the 
resource; / 

checking a second memory /to determine if the user 
may perform the operation with respect to the resource if 
the first memory does not/indicate that the user may 
perform the operation with respect to the resource; 

providing the us4r with access to the resource if 
the second memory i/ndicates that the user may perform the 
operation with respect to the resource; and 

storing information in the first memory indicating 
that the user/may perform the operation with respect to 
the resource/if, after checking the second memory, the 
second memc/ry indicates that the user may perform the 
operation/with respect to the resource. 
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